package com.maverick.sshd;

import com.maverick.ssh.SshException;
import com.maverick.sshd.events.EventServiceImplementation;
import com.maverick.sshd.events.SSHDEvent;
import com.maverick.sshd.events.SSHDEventCodes;
import com.maverick.util.ByteArrayReader;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/maverick/sshd/AuthenticationProtocol.class */
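/**
 * Server side of the SSH user authentication service ({@code "ssh-userauth"}).
 *
 * <p>The class parses {@code SSH_MSG_USERAUTH_REQUEST} packets, hands the request to the
 * {@link AuthenticationMechanism} matching the requested method, records which methods have
 * completed, and answers with {@code SSH_MSG_USERAUTH_SUCCESS} or
 * {@code SSH_MSG_USERAUTH_FAILURE}. An optional {@code SSH_MSG_USERAUTH_BANNER} is sent when
 * the service starts.
 *
 * <p>Everything read from the request packet (user name, service name, method name and the
 * method-specific payload) is supplied by an unauthenticated peer.
 *
 * <p>Thread-safety: the completion/failure entry points and {@link #stop()} are
 * {@code synchronized}; {@link #processRequest(byte[])} and {@link #start()} are not.
 */
public class AuthenticationProtocol implements Service {
    static Logger log = LoggerFactory.getLogger(AuthenticationProtocol.class);

    /** SSH message numbers used by the user authentication protocol. */
    public static final int SSH_MSG_USERAUTH_REQUEST = 50;
    public static final int SSH_MSG_USERAUTH_FAILURE = 51;
    public static final int SSH_MSG_USERAUTH_SUCCESS = 52;
    public static final int SSH_MSG_USERAUTH_BANNER = 53;

    TransportProtocol transport;
    // Mechanism handling the request currently in flight (valid while authInProgress is true).
    AuthenticationMechanism currentAuthentication;
    // Method name taken from the most recent request; client-controlled.
    String currentMethod;
    // User name taken from the most recent request; client-controlled until SUCCESS is sent.
    String username;
    // Service name taken from the most recent request; client-controlled.
    String service;
    static final String SERVICE_NAME = "ssh-userauth";
    // While true, processMessage forwards every packet to currentAuthentication.
    boolean authInProgress = false;
    // Number of counted failures; compared against getMaxAuthentications().
    int failed = 0;
    // Methods that have completed successfully for the current user name.
    ArrayList<String> completedAuthentications = new ArrayList<>();
    Map<String, Object> authenticationParameters = new ConcurrentHashMap<>(8, 0.9f, 1);
    // Creation time of this instance; reported as the operation start in the success event.
    Date started = new Date();
    // Methods that must all be completed before SUCCESS is sent; resolved on the first request.
    String[] requiredAuthentications = null;

    /**
     * Binds this service to its transport.
     *
     * @param transportProtocol transport that delivers and sends the authentication messages
     */
    @Override
    public void init(TransportProtocol transportProtocol) {
        this.transport = transportProtocol;
    }

    /** Drops the transport reference so that later completion/failure callbacks become no-ops. */
    @Override
    public synchronized void stop() {
        if (this.transport != null && log.isDebugEnabled()) {
            log.debug("Cleaning up authentication protocol references");
        }
        this.transport = null;
    }

    /**
     * Sends the configured banner, if any, as {@code SSH_MSG_USERAUTH_BANNER}.
     *
     * <p>The banner is read and encoded once, as UTF-8 (the encoding RFC 4252 specifies for the
     * banner text), so the bytes on the wire do not depend on the JVM default charset and the
     * message writer no longer dereferences the transport after {@link #stop()} may have run.
     */
    @Override
    public void start() {
        final String banner = this.transport.getSshContext().getBannerMessage();
        if (banner == null || banner.length() <= 0) {
            return;
        }
        final byte[] bannerBytes = banner.getBytes(StandardCharsets.UTF_8);
        this.transport.postMessage(new SshMessage() {
            @Override
            public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                byteBuffer.put((byte) SSH_MSG_USERAUTH_BANNER);
                byteBuffer.putInt(bannerBytes.length);
                byteBuffer.put(bannerBytes);
                // Empty language tag.
                byteBuffer.putInt(0);
                return true;
            }

            @Override
            public void messageSent() {
                if (AuthenticationProtocol.log.isDebugEnabled()) {
                    AuthenticationProtocol.log.debug("Sent SSH_MSG_USERAUTH_BANNER");
                }
            }
        });
    }

    /**
     * Routes an incoming packet either to the mechanism in progress or to the request parser.
     *
     * @param bArr raw message payload, first byte being the SSH message number
     * @return {@code true} when the message was consumed by this service
     * @throws IOException if the request cannot be parsed
     */
    @Override
    public boolean processMessage(byte[] bArr) throws IOException {
        if (this.authInProgress) {
            return this.currentAuthentication.processMessage(bArr);
        }
        // An empty payload has no message number; report it as unhandled instead of
        // failing with an ArrayIndexOutOfBoundsException on peer-supplied data.
        if (bArr == null || bArr.length == 0) {
            return false;
        }
        switch (bArr[0]) {
            case SSH_MSG_USERAUTH_REQUEST:
                processRequest(bArr);
                return true;
            default:
                return false;
        }
    }

    /**
     * Looks up a value previously stored with {@link #setParameter(String, Object)}.
     *
     * @param str parameter name
     * @return the stored value, or {@code null} when none is present
     */
    public Object getParameter(String str) {
        return this.authenticationParameters.get(str);
    }

    /**
     * Stores a value for the lifetime of this authentication exchange.
     *
     * @param str parameter name
     * @param obj value; must not be {@code null} because the backing map is a ConcurrentHashMap
     */
    public void setParameter(String str, Object obj) {
        this.authenticationParameters.put(str, obj);
    }

    /**
     * Parses one {@code SSH_MSG_USERAUTH_REQUEST} and starts the requested mechanism.
     *
     * <p>The request is refused via {@link #failedAuthentication()} when the access manager
     * denies the user, the method is not supported, the requested service is not the
     * connection service, or the mechanism cannot be initialised.
     *
     * @param bArr raw request payload including the leading message number
     * @throws IOException if the payload is malformed
     */
    void processRequest(byte[] bArr) throws IOException {
        ByteArrayReader byteArrayReader = new ByteArrayReader(bArr);
        try {
            byteArrayReader.skip(1L);
            String requestedUsername = byteArrayReader.readString();
            // Progress made under one user name must never count toward another one.
            flushStateIfUserChanged(requestedUsername);
            this.username = requestedUsername;
            this.service = byteArrayReader.readString();
            boolean z = true;
            if (this.transport.getSshContext().getAccessManager() != null) {
                z = this.transport.getSshContext().getAccessManager().canConnect(this.username);
                if (log.isDebugEnabled()) {
                    // NOTE(review): username is peer-supplied; make sure the log encoder
                    // neutralises control characters.
                    log.debug("Access Manager has " + (z ? "authorized" : "denied") + " access to " + this.username);
                }
            }
            Connection connectionById = ConnectionManager.getInstance().getConnectionById(this.transport.getUUID());
            // NOTE(review): the connection carries the *claimed* user name from here on,
            // before any credential has been verified; consumers must not treat it as
            // authenticated until the success events fire.
            connectionById.username = this.username;
            // Required methods are resolved once: access manager first, then the mechanism
            // factory, then the static context configuration.
            if (this.requiredAuthentications == null && this.transport.getSshContext().getAccessManager() != null) {
                this.requiredAuthentications = this.transport.getSshContext().getAccessManager().getRequiredAuthentications(this.transport.getUUID(), this.username);
            } else if (this.requiredAuthentications == null && this.transport.getSshContext().getAuthenticationMechanismFactory() != null) {
                this.requiredAuthentications = this.transport.getSshContext().getAuthenticationMechanismFactory().getRequiredMechanisms(connectionById);
            }
            if (this.requiredAuthentications == null) {
                this.requiredAuthentications = this.transport.getSshContext().getRequiredAuthentications();
            }
            this.currentMethod = byteArrayReader.readString();
            if (log.isDebugEnabled()) {
                log.debug("Client is attempting " + this.currentMethod + " authentication");
            }
            // Whatever follows the method name is the method-specific payload.
            byte[] bArr2 = null;
            if (byteArrayReader.available() > 0) {
                bArr2 = new byte[byteArrayReader.available()];
                byteArrayReader.read(bArr2);
            }
            if (z && this.transport.getSshContext().supportedAuthenticationMechanisms().contains(this.currentMethod) && ConnectionProtocol.SERVICE_NAME.equals(this.service)) {
                try {
                    // m20getContext() is the decompiler's name for a bridge accessor;
                    // presumably it returns the same context as getSshContext() - confirm.
                    if (this.transport.m20getContext().getAuthenticationMechanismFactory() != null) {
                        this.currentAuthentication = this.transport.m20getContext().getAuthenticationMechanismFactory().createInstance(this.currentMethod, this.transport, this, connectionById);
                    } else {
                        this.currentAuthentication = (AuthenticationMechanism) this.transport.getSshContext().supportedAuthenticationMechanisms().getInstance(this.currentMethod);
                        this.currentAuthentication.init(this.transport, this);
                    }
                    this.authInProgress = true;
                    this.currentAuthentication.startRequest(this.username, bArr2);
                    return;
                } catch (UnsupportedChannelException e) {
                    // The "none" probe is expected to be refused, so it is not logged as an error.
                    if (!"none".equals(this.currentMethod) && log.isErrorEnabled()) {
                        log.error("Failed to initialize " + this.currentMethod + " authentication mechanism", e);
                    }
                } catch (SshException e2) {
                    if (log.isErrorEnabled()) {
                        log.error("Failed to initialize authentication mechanism", e2);
                    }
                }
            }
            failedAuthentication();
        } finally {
            byteArrayReader.close();
        }
    }

    /**
     * Discards per-user authentication progress when a request names a different user.
     *
     * <p>RFC 4252 section 5 requires the server to flush authentication state when the user
     * name changes. Without this, methods completed under one name and the required-method
     * list resolved for it would carry over to the name that is finally passed to the
     * connection service. The failure counter is deliberately kept.
     */
    private synchronized void flushStateIfUserChanged(String requestedUsername) {
        if (this.username == null || this.username.equals(requestedUsername)) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("User name changed between authentication requests; flushing authentication state");
        }
        this.completedAuthentications.clear();
        this.requiredAuthentications = null;
        // NOTE(review): authenticationParameters is left untouched because its contents are
        // not visible here; confirm whether mechanisms store per-user state in it.
    }

    /**
     * Called by a mechanism when its method succeeded.
     *
     * <p>Sends {@code SSH_MSG_USERAUTH_SUCCESS} and starts the connection service only when
     * every entry of {@code requiredAuthentications} has completed; otherwise a FAILURE with
     * the partial-success flag is sent so the client can continue with another method.
     */
    public synchronized void completedAuthentication() {
        if (this.transport == null || !this.transport.isConnected()) {
            if (log.isDebugEnabled()) {
                log.debug("Transport is no longer connected!");
            }
            return;
        }
        // keyboard-interactive backed by the "password" provider is also credited as "password".
        if ((this.currentAuthentication instanceof KeyboardInteractiveAuthentication) && ((KeyboardInteractiveAuthentication) this.currentAuthentication).selectedProvider.getName().equals("password")) {
            this.completedAuthentications.add("password");
        }
        this.completedAuthentications.add(this.currentAuthentication.getMethod());
        boolean allRequiredCompleted = true;
        for (String required : this.requiredAuthentications) {
            allRequiredCompleted &= this.completedAuthentications.contains(required);
        }
        if (!allRequiredCompleted) {
            failedAuthentication(true, true);
        } else {
            this.transport.postMessage(new SshMessage() {
                @Override
                public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                    byteBuffer.put((byte) SSH_MSG_USERAUTH_SUCCESS);
                    return true;
                }

                @Override
                public void messageSent() {
                    if (AuthenticationProtocol.log.isDebugEnabled()) {
                        AuthenticationProtocol.log.debug("Sent SSH_MSG_USERAUTH_SUCCESS method=" + AuthenticationProtocol.this.currentMethod + " completed=" + AuthenticationProtocol.this.createList(AuthenticationProtocol.this.completedAuthentications.toArray(new String[0])) + " required=" + AuthenticationProtocol.this.createList(AuthenticationProtocol.this.requiredAuthentications));
                    }
                    EventServiceImplementation.getInstance().fireEvent(new SSHDEvent((Object) this, SSHDEventCodes.EVENT_USERAUTH_SUCCESS, true).addAttribute(SSHDEventCodes.ATTRIBUTE_CONNECTION, ConnectionManager.getInstance().getConnectionById(AuthenticationProtocol.this.transport.getUUID())).addAttribute(SSHDEventCodes.ATTRIBUTE_ATTEMPTED_USERNAME, AuthenticationProtocol.this.username).addAttribute(SSHDEventCodes.ATTRIBUTE_AUTHENTICATION_METHOD, AuthenticationProtocol.this.currentMethod).addAttribute(SSHDEventCodes.ATTRIBUTE_OPERATION_STARTED, AuthenticationProtocol.this.started).addAttribute(SSHDEventCodes.ATTRIBUTE_OPERATION_FINISHED, new Date()));
                    Connection connectionById = ConnectionManager.getInstance().getConnectionById(AuthenticationProtocol.this.transport.getUUID());
                    if (AuthenticationProtocol.this.transport.getSshContext().getAuthenticationProvider() != null) {
                        AuthenticationProtocol.this.transport.getSshContext().getAuthenticationProvider().startSession(connectionById);
                    }
                    EventServiceImplementation.getInstance().fireEvent(new SSHDEvent((Object) this, SSHDEventCodes.EVENT_AUTHENTICATION_COMPLETE, true).addAttribute(SSHDEventCodes.ATTRIBUTE_CONNECTION, connectionById).addAttribute(SSHDEventCodes.ATTRIBUTE_AUTHENTICATION_METHODS, AuthenticationProtocol.this.completedAuthentications));
                    // The connection service runs under the user name of the last request.
                    AuthenticationProtocol.this.transport.startService(new ConnectionProtocol(AuthenticationProtocol.this.username));
                }
            });
            this.authInProgress = false;
        }
    }

    /** Abandons the mechanism in progress without sending anything to the client. */
    public void discardAuthentication() {
        this.authInProgress = false;
    }

    /** Reports a counted failure with no partial success. */
    public synchronized void failedAuthentication() {
        failedAuthentication(false, false);
    }

    /**
     * Sends {@code SSH_MSG_USERAUTH_FAILURE} listing the methods the client may still try.
     *
     * <p>Unless the system property {@code maverick.oldMethodsToContinue} is {@code true},
     * methods that have already completed are left out of the list.
     *
     * @param z partial-success flag written into the FAILURE message
     * @param z2 when {@code true} the attempt is not added to the failure counter and no
     *     failure event is fired
     */
    public synchronized void failedAuthentication(boolean z, boolean z2) {
        if (this.transport == null || !this.transport.isConnected()) {
            if (log.isDebugEnabled()) {
                log.debug("Transport is no longer connected!");
            }
            return;
        }
        String[] supportedMechanisms = resolveSupportedMechanisms();
        if (Boolean.getBoolean("maverick.oldMethodsToContinue")) {
            failedAuthentication(z, z2, supportedMechanisms);
            return;
        }
        ArrayList<String> remaining = new ArrayList<>();
        for (String mechanism : supportedMechanisms) {
            if (!this.completedAuthentications.contains(mechanism)) {
                remaining.add(mechanism);
            }
        }
        failedAuthentication(z, z2, remaining.toArray(new String[0]));
    }

    /** Returns the mechanism names from the factory when one is configured, else from the context. */
    private String[] resolveSupportedMechanisms() {
        if (this.transport.m20getContext().getAuthenticationMechanismFactory() != null) {
            return this.transport.m20getContext().getAuthenticationMechanismFactory().getSupportedMechanisms();
        }
        return this.transport.getSshContext().supportedAuthenticationMechanisms().toArray();
    }

    /**
     * Fires the failure event, enforces the attempt limit and sends the FAILURE message.
     *
     * @param z partial-success flag
     * @param z2 when {@code true} the attempt is not counted
     * @param strArr methods to advertise; the full supported list is sent when null or empty
     */
    private synchronized void failedAuthentication(final boolean z, boolean z2, final String[] strArr) {
        final String[] methodsToOffer = (strArr == null || strArr.length == 0) ? resolveSupportedMechanisms() : strArr;
        fireFailureEvent(z, z2, strArr);
        // The "none" probe and partial successes never count toward the attempt limit.
        if (!"none".equals(this.currentMethod) && !z) {
            if (!z2) {
                this.failed++;
            }
            if (this.failed >= this.transport.getSshContext().getMaxAuthentications()) {
                // 11 = SSH_DISCONNECT_BY_APPLICATION
                this.transport.disconnect(11, "Too many bad authentication attempts!");
                return;
            }
        }
        // Encode once and take the length from the encoded bytes, so the length prefix always
        // matches the payload (String.length() counts chars, not bytes).
        final byte[] methodListBytes = createList(methodsToOffer).getBytes(StandardCharsets.UTF_8);
        this.transport.postMessage(new SshMessage() {
            @Override
            public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                byteBuffer.put((byte) SSH_MSG_USERAUTH_FAILURE);
                byteBuffer.putInt(methodListBytes.length);
                byteBuffer.put(methodListBytes);
                byteBuffer.put((byte) (z ? 1 : 0));
                return true;
            }

            @Override
            public void messageSent() {
                if (AuthenticationProtocol.log.isDebugEnabled()) {
                    AuthenticationProtocol.log.debug("Sent SSH_MSG_USERAUTH_FAILURE method=" + AuthenticationProtocol.this.currentMethod + " availableMethods=" + AuthenticationProtocol.this.createList(strArr) + " partial=" + z + " required=" + AuthenticationProtocol.this.createList(AuthenticationProtocol.this.requiredAuthentications));
                }
            }
        });
        // The access manager is consulted again after every failure and may now refuse the
        // peer address. 1 = SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT
        if (this.transport.m20getContext().getAccessManager() != null && !this.transport.m20getContext().getAccessManager().canConnect(this.transport.getRemoteAddress(), this.transport.getLocalAddress())) {
            this.transport.disconnect(1, "Access denied");
        }
        this.authInProgress = false;
    }

    /**
     * Publishes the audit event for a refused or partially successful attempt.
     *
     * <p>Nothing is fired for the "none" method. A partial success is reported with
     * {@code EVENT_USERAUTH_SUCCESS}; an uncounted failure ({@code z2}) fires no event.
     */
    private void fireFailureEvent(boolean z, boolean z2, String[] strArr) {
        if ("none".equals(this.currentMethod)) {
            return;
        }
        if (z) {
            EventServiceImplementation.getInstance().fireEvent(new SSHDEvent((Object) this, SSHDEventCodes.EVENT_USERAUTH_SUCCESS, true).addAttribute(SSHDEventCodes.ATTRIBUTE_CONNECTION, ConnectionManager.getInstance().getConnectionById(this.transport.getUUID())).addAttribute(SSHDEventCodes.ATTRIBUTE_ATTEMPTED_USERNAME, this.username).addAttribute(SSHDEventCodes.ATTRIBUTE_AUTHENTICATION_METHODS, createList(strArr)).addAttribute(SSHDEventCodes.ATTRIBUTE_AUTHENTICATION_METHOD, this.currentMethod));
        } else {
            if (z2) {
                return;
            }
            EventServiceImplementation.getInstance().fireEvent(new SSHDEvent((Object) this, SSHDEventCodes.EVENT_USERAUTH_FAILURE, true).addAttribute(SSHDEventCodes.ATTRIBUTE_CONNECTION, ConnectionManager.getInstance().getConnectionById(this.transport.getUUID())).addAttribute(SSHDEventCodes.ATTRIBUTE_ATTEMPTED_USERNAME, this.username).addAttribute(SSHDEventCodes.ATTRIBUTE_AUTHENTICATION_METHODS, createList(strArr)).addAttribute(SSHDEventCodes.ATTRIBUTE_AUTHENTICATION_METHOD, this.currentMethod));
        }
    }

    /**
     * Joins method names into the comma-separated form used on the wire and in logs.
     *
     * <p>The decompiler widened this method from {@code private} to {@code public}.
     *
     * @param strArr names to join; {@code null} is treated as an empty list so logging and
     *     event code cannot fail on an unresolved list
     * @return the names separated by {@code ","}, or an empty string
     */
    public String createList(String[] strArr) {
        return strArr == null ? "" : String.join(",", strArr);
    }

    /** @return the idle timeout, in seconds, that applies while authentication is pending */
    @Override
    public int getIdleTimeoutSeconds() {
        return this.transport.m20getContext().getIdleAuthenticationTimeoutSeconds();
    }
}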
